www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

Add sockaddr to proxy_conn_rec. Using the workers address

Browse Source 
is unsafe for forward proxy workers, cause unlike reverse
proxies the forward can have each connection with different
remote address.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105046 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Mladen Turk
2004-09-09 13:03:06 +00:00
parent 4f7554d102
commit bea1cc4147
2 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
modules/proxy/mod_proxy.h
View File

@@ -198,6 +198,7 @@ typedef struct {
int is_ssl; int is_ssl;
apr_pool_t *pool; /* Subpool used for creating socket */ apr_pool_t *pool; /* Subpool used for creating socket */
apr_socket_t *sock; /* Connection socket */ apr_socket_t *sock; /* Connection socket */
apr_sockaddr_t *addr; /* Preparsed remote address info */
apr_uint32_t flags; /* Conection flags */ apr_uint32_t flags; /* Conection flags */
int close; /* Close 'this' connection */ int close; /* Close 'this' connection */
int close_on_recycle; /* Close the connection when returning to pool */ int close_on_recycle; /* Close the connection when returning to pool */

15
modules/proxy/proxy_util.c
View File

@@ -1658,13 +1658,15 @@ ap_proxy_determine_connection(apr_pool_t *p, request_rec *r,
uri->fragment ? uri->fragment : "", NULL); uri->fragment ? uri->fragment : "", NULL);
} }
/* TODO: add address cache for forward proxies */
conn->addr = worker->cp->addr;
if (r->proxyreq == PROXYREQ_PROXY) { if (r->proxyreq == PROXYREQ_PROXY) {
err = apr_sockaddr_info_get(&(worker->cp->addr), err = apr_sockaddr_info_get(&(conn->addr),
conn->hostname, APR_UNSPEC, conn->hostname, APR_UNSPEC,
conn->port, 0, conn->port, 0,
p); p);
} }
else if (!worker->cp->addr) else if (!worker->cp->addr) {
/* Worker can have the single constant backend adress. /* Worker can have the single constant backend adress.
* The single DNS lookup is used once per worker. * The single DNS lookup is used once per worker.
* If dynamic change is needed then set the addr to NULL * If dynamic change is needed then set the addr to NULL
@@ -1674,7 +1676,8 @@ ap_proxy_determine_connection(apr_pool_t *p, request_rec *r,
conn->hostname, APR_UNSPEC, conn->hostname, APR_UNSPEC,
conn->port, 0, conn->port, 0,
worker->cp->pool); worker->cp->pool);
conn->addr = worker->cp->addr;
}
if (err != APR_SUCCESS) { if (err != APR_SUCCESS) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY, return ap_proxyerror(r, HTTP_BAD_GATEWAY,
apr_pstrcat(p, "DNS lookup failure for: ", apr_pstrcat(p, "DNS lookup failure for: ",
@@ -1693,7 +1696,7 @@ ap_proxy_determine_connection(apr_pool_t *p, request_rec *r,
} }
/* check if ProxyBlock directive on this host */ /* check if ProxyBlock directive on this host */
if (OK != ap_proxy_checkproxyblock(r, conf, worker->cp->addr)) { if (OK != ap_proxy_checkproxyblock(r, conf, conn->addr)) {
return ap_proxyerror(r, HTTP_FORBIDDEN, return ap_proxyerror(r, HTTP_FORBIDDEN,
"Connect to remote machine blocked"); "Connect to remote machine blocked");
} }
@@ -1729,7 +1732,7 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function,
apr_status_t rv; apr_status_t rv;
int connected = 0; int connected = 0;
int loglevel; int loglevel;
apr_sockaddr_t *backend_addr = worker->cp->addr; apr_sockaddr_t *backend_addr = conn->addr;
apr_socket_t *newsock; apr_socket_t *newsock;
if (conn->sock) { if (conn->sock) {
@@ -1833,7 +1836,7 @@ PROXY_DECLARE(int) ap_proxy_connection_create(const char *proxy_function,
server_rec *s) server_rec *s)
{ {
proxy_worker *worker = conn->worker; proxy_worker *worker = conn->worker;
apr_sockaddr_t *backend_addr = worker->cp->addr; apr_sockaddr_t *backend_addr = conn->addr;
/* The socket is now open, create a new backend server connection /* The socket is now open, create a new backend server connection
* *